Is it mandatory to sign the IDP metadata?

Vineeth K
In my setup, the SSO flow will break if signature validation for IDP metadata is enabled in the SP.

<MetadataProvider type="XML" uri="http://server.com/idpmetadata.xml"
              backingFilePath="IDP-metadata.xml" reloadInterval="7200">
            <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
            <MetadataFilter type="Signature" certificate="/etc/shibboleth/idpcert.pem"/>
</MetadataProvider>

2013-11-20 10:47:20 CRIT OpenSAML.MetadataProvider.XML : maintaining existing configuration, error reloading resource (http://server.com/idpmetadata.xml): SignatureMetadataFilter unable to verify signature at root of metadata instance.
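
A structural pre-check for the two filters in the configuration above, as an added example that is not part of the original post: it reports whether a metadata document has a ds:Signature directly under its root element and a validUntil inside maxValidityInterval. It does not verify the signature cryptographically; the function names, the sample documents and the entityID are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def precheck_metadata(xml_text, max_validity=2419200, now=None):
    """Return a list of findings; an empty list means both preconditions hold."""
    now = now or datetime.now(timezone.utc)
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag not in (f"{{{MD}}}EntityDescriptor", f"{{{MD}}}EntitiesDescriptor"):
        findings.append("root is not a SAML metadata element")
    # The Signature filter checks the document root, so only a direct
    # child of the root counts here, not a signature on a nested entity.
    if root.find(f"{{{DS}}}Signature") is None:
        findings.append("no ds:Signature child on the root element")
    valid_until = root.get("validUntil")
    if valid_until is None:
        findings.append("root has no validUntil attribute")
    else:
        expires = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
        if expires.tzinfo is None:  # treat a zone-less value as UTC
            expires = expires.replace(tzinfo=timezone.utc)
        remaining = (expires - now).total_seconds()
        if remaining <= 0:
            findings.append("validUntil is in the past")
        elif remaining > max_validity:  # seconds, as in maxValidityInterval
            findings.append("validUntil exceeds maxValidityInterval")
    return findings

def sample(signed, valid_until):
    """Constructed test input, not real IdP metadata; the Signature is an empty stub."""
    sig = f'<ds:Signature xmlns:ds="{DS}"/>' if signed else ""
    vu = f' validUntil="{valid_until}"' if valid_until else ""
    return (f'<md:EntityDescriptor xmlns:md="{MD}" '
            f'entityID="https://idp.example.org/idp"{vu}>{sig}</md:EntityDescriptor>')

if __name__ == "__main__":
    # Fixed clock (the timestamp of the log line above) keeps the output stable.
    clock = datetime(2013, 11, 20, 10, 47, 20, tzinfo=timezone.utc)
    for doc in (sample(False, "2013-12-01T00:00:00Z"),
                sample(True, "2014-06-01T00:00:00Z"),
                sample(True, "2013-12-01T00:00:00Z")):
        print(precheck_metadata(doc, now=clock) or "preconditions met")
```

An empty result only means the document has the shape both filters expect; whether the signature validates against the configured certificate still has to be checked with an XML signature tool.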